From dcad869c6e395d363bf05565843ff6982518e5c7 Mon Sep 17 00:00:00 2001
From: Patrick Northon <northon_patrick3@yahoo.ca>
Date: Sat, 11 May 2024 11:05:22 -0400
Subject: [PATCH 1/4] Remove stale signature files and fail if moving a
 required signature file fails.

---
 lib/libalpm/dload.c | 41 +++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 8dc5b640..4d83fd01 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -1094,6 +1094,25 @@ static int move_file(const char *filepath, const char *directory)
 	return 0;
 }
 
+static int unlink_and_maybe_move_file(const char *filepath, const char *directory, const bool do_move)
+{
+	ASSERT(filepath != NULL, return -1);
+	ASSERT(directory != NULL, return -1);
+	int ret = finalize_download_file(filepath);
+	if(ret != 0) {
+		return ret;
+	}
+	const char *filename = mbasename(filepath);
+	char *dest = _alpm_get_fullpath(directory, filename, "");
+	unlink(dest);
+	if(do_move && rename(filepath, dest)) {
+		FREE(dest);
+		return -1;
+	}
+	FREE(dest);
+	return 0;
+}
+
 static int finalize_download_locations(alpm_list_t *payloads, const char *localpath)
 {
 	ASSERT(payloads != NULL, return -1);
@@ -1108,18 +1127,20 @@ static int finalize_download_locations(alpm_list_t *payloads, const char *localp
 		if(payload->destfile_name) {
 			int ret = move_file(payload->destfile_name, localpath);
 
-			if(ret == -1) {
-				returnvalue = -1;
+			const char sig_suffix[] = ".sig";
+			char *sig_filename = NULL;
+			size_t sig_filename_len = strlen(payload->destfile_name) + sizeof(sig_suffix);
+			MALLOC(sig_filename, sig_filename_len, continue);
+			snprintf(sig_filename, sig_filename_len, "%s%s", payload->destfile_name, sig_suffix);
+
+			if(unlink_and_maybe_move_file(sig_filename, localpath, payload->download_signature) == -1 && !payload->signature_optional) {
+				ret = -1;
 			}
 
-			if (payload->download_signature) {
-				const char sig_suffix[] = ".sig";
-				char *sig_filename = NULL;
-				size_t sig_filename_len = strlen(payload->destfile_name) + sizeof(sig_suffix);
-				MALLOC(sig_filename, sig_filename_len, continue);
-				snprintf(sig_filename, sig_filename_len, "%s%s", payload->destfile_name, sig_suffix);
-				move_file(sig_filename, localpath);
-				FREE(sig_filename);
+			FREE(sig_filename);
+
+			if(ret == -1) {
+				returnvalue = -1;
 			}
 		}
 	}

From f1a37aecae757ce8555f3284fe16c32570df95cc Mon Sep 17 00:00:00 2001
From: Patrick Northon <northon_patrick3@yahoo.ca>
Date: Sat, 11 May 2024 11:07:59 -0400
Subject: [PATCH 2/4] Fix spelling/typo/grammar.

---
 lib/libalpm/dload.c | 2 +-
 lib/libalpm/dload.h | 2 +-
 lib/libalpm/sync.c  | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 4d83fd01..29b3998b 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -608,7 +608,7 @@ static int curl_check_finished_download(alpm_handle_t *handle, CURLM *curlm, CUR
 	curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &timecond);
 	curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url);
 
-	/* Let's check if client requested downloading accompanion *.sig file */
+	/* Let's check if client requested downloading a companion *.sig file */
 	if(!payload->signature && payload->download_signature && curlerr == CURLE_OK && payload->respcode < 400) {
 		struct dload_payload *sig = NULL;
 		char *url = payload->fileurl;
diff --git a/lib/libalpm/dload.h b/lib/libalpm/dload.h
index 88684676..acaf0898 100644
--- a/lib/libalpm/dload.h
+++ b/lib/libalpm/dload.h
@@ -49,7 +49,7 @@ struct dload_payload {
 	int allow_resume;
 	int errors_ok;
 	int unlink_on_fail;
-	int download_signature; /* specifies if an accompanion *.sig file need to be downloaded*/
+	int download_signature; /* specifies if a companion *.sig file need to be downloaded*/
 	int signature_optional; /* *.sig file is optional */
 #ifdef HAVE_LIBCURL
 	CURL *curl;
diff --git a/lib/libalpm/sync.c b/lib/libalpm/sync.c
index e73b8ffc..3e87d574 100644
--- a/lib/libalpm/sync.c
+++ b/lib/libalpm/sync.c
@@ -744,9 +744,9 @@ static int find_dl_candidates(alpm_handle_t *handle, alpm_list_t **files)
 			ASSERT(spkg->filename != NULL, RET_ERR(handle, ALPM_ERR_PKG_INVALID_NAME, -1));
 
 			need_download = spkg->download_size != 0 || !_alpm_filecache_exists(handle, spkg->filename);
-			/* even if the package file in the cache we need to check for
-			 * accompanion *.sig file as well.
-			 * If *.sig is not cached then force download the package + its signature file.
+			/* even if the package file is in the cache, we need to check for
+			 * a companion *.sig file as well.
+			 * If *.sig is not cached, then force download the package + its signature file.
 			 */
 			if(!need_download && (siglevel & ALPM_SIG_PACKAGE)) {
 				char *sig_filename = NULL;

From 3fc7b75c6006e5b2e8751513268b1f3c5beb0429 Mon Sep 17 00:00:00 2001
From: Patrick Northon <northon_patrick3@yahoo.ca>
Date: Sat, 11 May 2024 11:36:36 -0400
Subject: [PATCH 3/4] Also check for payload->download_signature.

---
 lib/libalpm/dload.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 29b3998b..57e6f628 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -1133,7 +1133,8 @@ static int finalize_download_locations(alpm_list_t *payloads, const char *localp
 			MALLOC(sig_filename, sig_filename_len, continue);
 			snprintf(sig_filename, sig_filename_len, "%s%s", payload->destfile_name, sig_suffix);
 
-			if(unlink_and_maybe_move_file(sig_filename, localpath, payload->download_signature) == -1 && !payload->signature_optional) {
+			if(unlink_and_maybe_move_file(sig_filename, localpath, payload->download_signature) == -1 &&
+					payload->download_signature && !payload->signature_optional) {
 				ret = -1;
 			}
 

From 94cf06fdc8a500aa2d8b4ed38813dc0ef493db85 Mon Sep 17 00:00:00 2001
From: Patrick Northon <northon_patrick3@yahoo.ca>
Date: Sun, 23 Jun 2024 09:09:05 -0400
Subject: [PATCH 4/4] Changes around upstream merge.

---
 lib/libalpm/dload.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/libalpm/dload.c b/lib/libalpm/dload.c
index 48993555..c9399134 100644
--- a/lib/libalpm/dload.c
+++ b/lib/libalpm/dload.c
@@ -1126,6 +1126,13 @@ static int finalize_download_locations(alpm_list_t *payloads, const char *localp
 		if(payload->destfile_name) {
 			int ret = move_file(payload->destfile_name, localpath);
 
+			if(ret == -1) {
+				/* ignore error if the file already existed - only signature file was downloaded */
+				if(payload->mtime_existing_file == 0) {
+					returnvalue = -1;
+				}
+			}
+
 			const char sig_suffix[] = ".sig";
 			char *sig_filename = NULL;
 			size_t sig_filename_len = strlen(payload->destfile_name) + sizeof(sig_suffix);
@@ -1134,17 +1141,10 @@ static int finalize_download_locations(alpm_list_t *payloads, const char *localp
 
 			if(unlink_and_maybe_move_file(sig_filename, localpath, payload->download_signature) == -1 &&
 					payload->download_signature && !payload->signature_optional) {
-				ret = -1;
+				returnvalue = -1;
 			}
 
 			FREE(sig_filename);
-
-			if(ret == -1) {
-				/* ignore error if the file already existed - only signature file was downloaded */
-				if(payload->mtime_existing_file == 0) {
-					returnvalue = -1;
-				}
-			}
 		}
 	}
 	return returnvalue;